70564 SLOVENIA PILOT DIAGNOSTIC REVIEW OF GOVERNANCE OF THE BANKING SECTOR February 2008 Private and Financial Sector Development Department Europe and Central Asia Region THE WORLD BANK 1 2 Contents Abbreviations............................................................................................................................... 4 Foreword ..................................................................................................................................... 5 Acknowledgements ...................................................................................................................... 6 Executive Summary ..................................................................................................................... 7 Background................................................................................................................................ 11 Methodology and Scope of the Review......................................................................................... 11 International Guidance on Corporate Governance of Banks ......................................................... 13 Importance of Corporate Governance in Banks ............................................................................ 12 Overview of the Slovenian Banking Sector .................................................................................. 14 Previous Assessments of the Governance of the Banking Sector ................................................. 15 Key Findings and Recommendations ........................................................................................ 16 Ownership ..................................................................................................................................... 17 Supervisory Boards & Management ............................................................................................. 20 Risk Management, Internal Controls & Related-Party Transactions ............................................ 24 Banking Supervision and Corporate Governance in Banks .......................................................... 26 External Auditors .......................................................................................................................... 28 Disclosure and Market Discipline ................................................................................................. 29 Annexes Annex I: Criteria used to Review of the Corporate Governance Framework for the Slovenian Banking System ......................................................................................................................... 31 Annex II Legislation Affecting the Governance of the Banking Sector .................................. 36 3 Abbreviations ADR American Depositary Receipt BoS Bank of Slovenia CEBS Committee of European Banking Supervisors CEO Chief Executive Officer CESR Committee of European Securities Regulators CFO Chief Financial Officer EU European Union FMA Financial Market Authority FSAP Financial Sector Assessment Program GDP Gross Domestic Product IAASB International Auditing and Assurance Standards Board IAPS International Auditing Practice Statement IFAC International Federation of Accountants IFRS International Financial Reporting Standards ISA International Standards of Auditing KAD Kapitalska Druzba (Capital Fund) KDD Klirinško depotna družba (Central Securities Clearing Corporation) MOF Ministry of Finance MOU Memorandum of Understanding NLB Nova Ljubljanska banka NKBM Nova Kreditna banka Maribor OECD Organisation for Economic Co-operation and Development ROSC Report on Observance of Standards and Codes RMS Risk Management System SOD Slovenska odskodninska druzba (Slovenian Compensation Fund) US United States 4 Foreword A great deal of attention has been given to the issue of corporate governance. With the recognition that as markets become more sophisticated banking supervision alone cannot assure stability in the financial sector, corporate governance has received more attention as a necessary complement to regulation. The Basel II Capital Accords similarly highlighted the importance of robust governance in banks as a means of ensuring a sound and stable banking sector. Experience shows that having the appropriate levels of accountability and checks and balances within each bank is critical for proactively managing risk and improving the overall health of financial systems. This Review is one of a series of pilot financial sector governance diagnostic reviews undertaken by the Financial and Private Sector Development Department of the Europe and Central Asia Region of the World Bank. It is the third review in Slovenia, following reviews of governance of the insurance and collective investment fund sectors. The World Bank would like to thank the Bank of Slovenia, which requested preparation of the Review, for their close collaboration during the preparation of the Review. We hope that the Review is helpful to all banking supervisors and particularly to the supervisors of the Bank of Slovenia in their continuing efforts to strengthen corporate governance of the Slovenian banking system. 5 Acknowledgements The report was prepared by Sue Rutledge (Corporate Governance Coordinator for the Europe and Central Asia Region/Senior Private Sector Development Specialist) and Peter Nicholl (Advisor to Governor of Central Bank of Bosnia and Herzegovina). Assistance was also provided by James Gianetto (Advisor to the Bank of Slovenia.) Peer review comments were provided by Jan Willem van der Vossen (International Monetary Fund) and Joaquin Gutierrez, Peter Kyle, Alex Berg and Pasquale Di Benedetta (all World Bank). Can Atacik assisted the finalization of this report. Nasreen Chudry Bhuller (both World Bank) provided support in the production of this document. The World Bank would like to express its gratitude for the efforts of all parties involved in the preparation of this report. 6 Executive Summary The financial crises of the late 1990s in East Asia and Eastern Europe, as well as the recent corporate governance scandals in Europe and America, have highlighted the need for strong corporate governance in ensuring a sound and stable financial sector. The governance practices of banks are important because banks accept deposits from the public, whose funds the government has an implicit (and often an explicit) obligation to protect. Banks are also subject to information asymmetries and high leverage, both of which make banks vulnerable to a sudden run on deposits where public confidence fails. Furthermore the failure of a major bank can have serious consequences for the financial sector and an adverse impact on the national and regional economies. World Bank research indicates that, after a major crisis, the cost of recapitalizing a banking sector reaches on average 13 percent of GDP (Honohan and Klingebiel, 2000; Caprio and Klingebiel, 2003). Strong corporate governance of banks contains many benefits. Transparent and accountable relationships within banks establish a first level of defence against fraud, misrepresentation (or in the case of bankruptcy and default, defalcation.) Strong governance within banks also strengthens the supervisory system and can help to reduce the costs of banking supervision. In addition, the international community has encouraged the strengthening of governance in the banking sector. The Basel II Accord on International Convergence of Capital Measurement and Capital Standards (June 2006) emphasizes strong internal governance in banks and high levels of public disclosure. Under the EU's Capital Requirements Directive adopted in June 2006, EU member states were obliged to implement Basel II starting in 2007. Also in February 2006, the Basel Committee on Banking Supervision issued its guidance which focus on the role and effectiveness of supervisory boards in their function of overseeing bank management. The Basel Committee's revised Core Principles for Effective Banking Supervision and related Methodology (October 2006) also emphasize governance structures. The Slovenian banking sector has successfully weathered the financial crisis seen in other countries in 1997-1998, and has improved its stability. However some shortcomings in bank governance remain. The banking sector over the past decade has demonstrated increasing stability. With the introduction of Euro as of January 2007 and the elimination of most foreign exchange exposure, the financial position of the banking sector is expected to further improve. While the financial soundness of the system has improved, policy changes in the area of governance and their implementation by the banks has lagged behind, undermining the system’s ability to manage risks. In early 2007, revisions were made to the banking law and regulations, which substantially addressed most of the key issues raised by an early draft of the Review. The final draft of the Review provides additional recommendations on measures to further strengthen governance of the Slovenian banking sector. The Government remains the dominant owner of banks in Slovenia. The ownership of Slovenian banks consists of the Republic of Slovenia (represented by the Finance Ministry), two parastatal agencies and (for less than 15 percent of the sector) European banking corporations. However either directly through the Ministry of Finance, or indirectly through parastatal organizations, the Government controls 50 percent of total banking assets in Slovenia. While the share of foreign bank ownership is growing, at 29 percent it is lower than those seen other central 7 European economies. One major weakness is that as the major shareholder in the banking sector, the Government is not sufficiently active in setting the strategic direction for the banks it owns. Looking ahead, it will be critical for the Government to evaluate its ownership strategy. The Government should either play a very active role in the supervision of its interests to ensure that the market-value of the banks is not diminished--or it should develop and implement a policy for privatization of its stakes in the banks. The Review recommends preference be given to reducing the Government's shareholdings in the banking sector. If the Government's strategy is to maintain medium-term holdings of banks (and other financial institutions), the Government (or the Ministry of Finance) should establish clear financial and non-financial objectives for the financial institutions—and ensure that the bank management and supervisory boards are charged with the task of developing and implementing plans to achieve those objectives. Cross-shareholdings and foreign bank ownership raise their own issues. Cross-shareholding is very common among Slovenian banks and exposes the system to possible related party transaction abuses. While new legislation has been enacted to follow the EU Directive on financial conglomerates and regulations put in place, time will be needed to see if they are sufficient to adequately monitor related-party transactions within mixed financial and industrial conglomerates. In addition, the foreign ownership in the sector suggests that foreign-owned banks follow European banking governance practices. However the foreign control of some banks also raises the issues of home vs. host supervision —and the delineation of supervisory responsibilities. Existing supervisory boards have not been sufficiently active in their oversight role. The revised banking and companies legislation substantially strengthens the role of supervisory boards as do the 2007 regulations related to governance of banks. However additional measures would further strengthen their impact. All bank supervisory boards should include at least two (versus the current requirement for one) independent members. All banks, whether involved in foreign activities or only domestic lending, should have audit committees within their supervisory boards. Other weaknesses are also seen. The internal audit departments of banks do not always have access to the banks' supervisory boards. Banks are permitted to invest as much as 60 percent of total capital in non-financial corporations. Banking supervision provides a diligent review of the sector but the Bank of Slovenia lacks the crucial legal authority to approve all foreign investments and acquisitions by Slovenian banks. The Bank of Slovenia should be have sufficient authority to reject supervisory board members that do not meet the tests of "fit and proper" in their ability to understand and ensure development of adequate systems of risk management and internal controls. The Review's recommendations are listed in Table 1. The highest priorities relate to recommendations on: (1) ownership and (2) strengthening the authority of the Bank of Slovenia to approve all foreign acquisitions of domestic banks and refuse unsuitable members of supervisory boards. The remaining recommendations are of medium-priority. 8 Table 1: Key Recommendations of the Review Ownership 1) The Government should reduce its shareholdings in banks. The first step should be to develop (with the assistance and advice of the Bank of Slovenia - BoS) a medium-term strategy to evaluate the ways to achieve this objective. 2) If the Government decides to retain a controlling interest in banks over the short or medium-term, the Government should develop clear financial and non-financial objectives for those banks. Explicit objectives should be codified and supported by a public policy statement. The banks’ supervisory boards and management should be charged with developing and implementing a plan to meet the objectives. 3) The BoS should monitor adherence to the banking legislation and the Regulation on Disclosures by Banks to ensure that all banks publicly disclose all indirect control arrangements in companies and financial institutions. Supervisory Boards & Management 1) The BoS should require that all banks operating in Slovenia have supervisory board audit committees. The committee should be chaired by an independent director. All but the smallest banks should be required by the BoS to have at least one other board committee that covers the significant non-financial issues. 2) The BoS should specify by regulation that the minimum size of a bank supervisory board be five members and that the larger banks should have more members and supervisory boards should have at least two independent members. 3) The BoS should require that bank supervisory boards hold meetings at least six times a year, with meetings of the audit committees at least four times annually. 4) The Ministry of Finance, representing the Government, should develop a transparent and structured process for the selection, appointment and removal of members of supervisory boards for Government-controlled banks. 5) The Banking Association should work very closely with the Association of Supervisory Board Members and/or other private sector organizations to provide training on corporate governance to supervisory board members. Risk Management, Internal Controls & Related-Party Transactions 1) The BoS should require by regulation that all related party transactions be done on an arm's length basis and should monitor compliance during its on-site inspections. The BoS should periodically review the statutory requirements for reliable risk management systems to ensure that the requirements in these regulations are current and in conformity with evolving banking activities. Banking Supervision and Corporate Governance in Banks 1) The BoS should have clear authority to refuse appointments to a bank supervisory board where they consider the person does not meet the "fit and proper" criteria regarding their understanding and commitment for adequate systems of internal controls and risk management. 2) The BoS should meet with each bank’s supervisory board at least once a year to discuss the bank’s results and strategies and assess the role of the supervisory board in managing the bank. 3) The BoS should work very closely with the Banking Association to promote good governance practices. They should promote good governance practices through websites, and publications. 4) Because of the special risks involved in foreign acquisitions of banks, the BoS should be given the authority to approve or decline all foreign acquisitions by Slovenian banks. It is recommended that the Ministry of Finance provide sufficient authority for the BoS to do so. External Auditors 1) The BoS supervisors should meet with external auditors after their on-site examination s and should meet without the bank board members being present. 2) The BoS should consider adopting practices used in many countries where supervisors also review the work of the auditors to ascertain information that could be useful for on-going supervision. 9 3) The BoS should approve a regulation to require that the external audit firms advise each bank's supervisory board regarding all non-audit services that are performed for the bank. Audit services above certain minimum threshold amount should be subject to approval by supervisory board before commencement of the work. 4) The BoS should approve a regulation to require that audit firms provide a certification to the bank that in conducting their annual audit that they are free of conflict of interest. Disclosure and Market Discipline 1) The BoS could conduct a survey of analysts and market participants regarding their views of the quality of financial and non-financial information provided to the public. 10 Background In both emerging and developed markets, banks have a public obligation to adhere to high standards of corporate governance. As financial institutions that accept deposits from the public, banks have a strong fiduciary obligation--and onerous responsibility--to many stakeholders. The stakeholders include not only bank shareholders but also creditors, depositors, bank supervisors, and even other banks (since the failure of one bank may affect the stability of the banking sector, both at home and abroad). Strong corporate governance arrangements reinforce sound and safe banking practices and are needed to ensure bank management takes full account of the interests of all stakeholders. Following the banking crises of East Asia in 1997, Russia in 1998, and Turkey and Argentina in 2000-2001, and the 2007 failure of a reputable UK bank, sound corporate governance of the banking sector has become recognized—even more than before--as an important component for ensuring the stability of a country’s financial system. In recent years, the World Bank has reviewed issues related to corporate governance of banks and other financial institutions as part of the Financial Sector Assessment Program (FSAP). Looking to take a highly structured approach on bank governance reviews, the World Bank developed a questionnaire and a set of 27 draft principles (or “criteria�) reflecting strong corporate governance practices in banks. The pilot review for the Czech Republic (prepared in March 2005) was the first effort to apply the set of assessment criteria. In addition, pilot reviews were also conducted for Slovakia and Macedonia.1 The Slovenian bank governance review has three objectives to: (i) conduct a review of the Slovenian bank governance framework, (ii) make recommendations on provisions that would help to strengthen the governance structure of banks in Slovenia, and (iii) refine the good practices developed for the pilot banking governance review program. The good practice criteria used for the Review is found in Annex I. Methodology and Scope of the Review The criteria used in the Slovenian bank governance report were developed initially for the Czech Republic bank governance review by teams consisting of Bank staff and international consultants. The criteria are considered to be a “work-in-progress� and were revised by the Bank teams incorporating the lessons learned from the pilot reviews. It is expected that the criteria will be amended further in the course of preparing other pilot bank governance reviews. The selection of criteria was based on the experience of the World Bank, the International Monetary Fund and national supervisory agencies in preparing FSAPs in over 100 countries among developed and emerging markets. (Over 20 FSAPs are been conducted in the Europe and Central Asia Region alone.2) However a wide range of materials was also used in preparing (and revising) the criteria. The materials include the 1999 guidelines of the Basel Committee on 1 The bank governance assessment is one of a series of pilot financial sector governance assessments prepared by the World Bank. The World Bank has developed other pilot assessments for: (i) the insurance sector, (ii) the collective investment fund sector and (iii) the private pension fund sector. 2 In each of the FSAPs, a detailed review is prepared of compliance with Basel Core Principles of Banking Supervision. In addition, eight of the FSAPs in the Europe and Central Asia Region included technical notes on corporate governance of the banking sectors. 11 Banking Supervision as well as the 2006 updated guidelines, the 2004 Corporate Governance Principles of the Organisation for Economic Co-operation and Development (OECD), as well as various national codes on corporate governance. Additional input came from the European Union’s Financial Services Action Plan and the Action Plan for Company Law and Corporate Governance as well as the July 2004 Recommendations of the European Commission regarding the role of non-executive or supervisory directors.3 The bank governance review is one of several financial sector reports prepared by the World Bank at the request of the Slovenian Government. Others are the 2000 and 2003 Financial Sector Assessment Program (FSAP) Review, the 2003 Corporate Governance Report on Observance of Standards and Codes (ROSC), the 2004 Accounting and Auditing ROSC,4 and the 2005 Reviews of Governance of Insurance and Collective Investment Fund Sectors. The report is based on a visit by a World Bank team to Slovenia that took place between November 5 and 11, 2006. In June 2007, the Bank of Slovenia provided detailed comments on the Review, noting that many of the recommendations of the Review had been incorporated into the revised banking legislation or new regulations. Additional clarifications were provided in January 2008. The Review identifies which recommendations have been adopted and which remain subject for further consideration. Importance of Corporate Governance in Banks The banking crises of the late 1990s highlighted the importance of effective government regulation and supervision of the banking sector. Banks need to meet the minimum corporate governance standards for all corporations, including protection of shareholder rights. However banks are different from other types of corporations and need to go beyond the minimum standards applicable for commercial and industrial companies. In all economies, banks provide a critical source of funding for both the private and public sectors. Where banks experience problems and lending is restricted, economic development and growth are similarly constrained. Strong corporate governance of banks brings many benefits. It strengthens the supervisory system, including reducing the costs of banking supervision. Transparent and accountable relationships within banks establish a first level of defence against fraud, misrepresentation (or in the case of bankruptcy and default, defalcation.) A strong corporate governance framework for banks directly assists banking supervisors in five ways: 1) It provides banking supervisors with comfort that the banking sector is managed prudentially and with transparency and accountability. 2) It assures supervisors that the banks are being well-managed on their own, in a form of “auto-pilot�, allowing them to focus on strategic issues and the design and effectiveness of internal systems and controls. 3) It allows supervisors to focus their resources on the troubled banks where supervision is most needed. 4) It increases public confidence in the banking sector and the safety of depositors’ funds/ 3 The Committee of European Banking Supervisors (CEBS) is also planning to release a set of more detailed guidelines in the coming months. 4 The ROSCs can be downloaded at http://www.worldbank.org/ifa/rosc.html. A summary of the FSAP is also available at http://www.imf.org/external/pubs/cat/longres.cfm?sk=16065.0 12 5) It clarifies that the main responsibility for maintaining the soundness of a bank rests with the banks board and management, not with the supervisor. International Guidance on Corporate Governance of Banks The Basel Committee on Banking Supervision has played a leading role in setting standards for banking regulation and supervision. Several of the Core Principles for Effective Bank Supervision revised in October 2006 refer to the importance of a strong bank governance framework. The emphasis on bank governance was reinforced by the recent revisions. In particular, Core Principle 3 (licensing criteria) notes the importance of the assessment of the supervisory agency regarding each bank's ownership structure as well as the fitness and propriety of management and supervisory boards. Principle 7 (risk management process) requires that the supervisory agency be satisfied with the each bank's system of risk management, including oversight by board members and management of the bank. The Basel II Accord on International Convergence of Capital Measurement and Capital Standards goes a step further in granting an important role to oversight mechanisms for review of banks’ systems and processes of risk management. Basel II identifies three key pillars, referring to minimum capital requirements, self-assessment and the supervisory review process, and disclosure and market discipline. The Basel II framework requires that banks maintain a capital base sufficient to foster financial stability in times of adversity and uncertainty. The framework also obliges banks to establish risk measurement and management processes, which should be based on both historical data and formal quantitative techniques.5 In February 2006, the Basel Committee issued its paper titled Enhancing corporate governance for banking organisations which updated and expanded an earlier report from October 1999.6 The paper was issued to supervisory authorities and banking organisations worldwide to help ensure the adoption and implementation of sound corporate governance practices by banking organisations. In addition the debt rating agencies have expressed a strong interest in having banks maintain good corporate governance practices. Both Moody’s Investors Service and FitchRatings have prepared useful analyses of the key issues and have used these extensively in evaluating the credit-worthiness of banks. While there are many ways to review corporate governance of banks, both approaches—those of the Basel Committee’s Core Principles and corporate governance recommendations and the rating agencies—reflect a common approach to the key issues that must be addressed if a banking sector is to enjoy sound corporate governance.7 5 Within the European Union, Basel II has been reinforced by the June 2006 approval of the European Parliament of the Capital Markets Directive for credit institutions and investment firms. 6 The full text of the Basel Committee’s documents can be downloaded at http://www.bis.org/publ/bcbs128.htm 7 In the US, the Sarbanes-Oxley Act of 2002 (H.R. 3763) highlighted the corporate governance roles of supervising boards of directors. The Act increased the obligations of (supervising) boards to oversee management and auditors and required the direct involvement of board audit committees to oversee internal control and auditing matters. While Sarbanes-Oxley is directly applicable only the companies that are publicly listed on US stock exchanges, US-based private corporations and financial institutions are also under pressure to comply with the same requirements. 13 Overview of the Slovenian Banking Sector Bank credit in Slovenia has steadily grown in recent years and compares relatively favourably to comparator countries as seen in Figures 1 and 2. Figure 1: Bank Credit as Percentage of GDP, Figure 2: Bank Credit as Percentage of GDP, International Comparison International Comparison 2000 2001 2002 2003 2004 2005 80 Latvia 23 28 36 45 54 73 70 Domestic Credit as Percentage of GDP Estonia 36 40 46 54 63 71 Slovenia 44 47 45 49 55 65 60 Hungary 55 50 54 58 59 63 50 Slovak Republic 57 60 52 44 44 50 40 Czech 30 Republic 50 46 43 49 45 44 Latvia Estonia Slovenia Lithuania 15 16 18 23 30 43 20 Hungary Slovak Republic Poland 33 35 35 36 33 33 10 Czech Republic Lithuania Poland 0 2000 2001 2002 2003 2004 2005 Source: World Development Indicators, 2006 The sector is dominated by three large banks, which together hold 50 percent of the sector's assets, as shown in Table 2. The two largest banks as well as two small banks currently have investment grade ratings for their fixed-income securities as seen in Table 3. Table 3: Issuer Default Ratings by Fitch Ratings Short-term Long-term Individual Support Nova Ljubljanska banka F2 A- C 1 Nova Kreditna banka F2 A- C 1 Maribor SKB banka n.a. n.a. n.a. 1 Banka Koper F1 A+ C 1 Banka Celje F3 BBB C 3 Abanka Vipa F3 BBB C 3 Gorenjska banka F2 A- B 3 Republic of Slovenia F1+ AA/AA n.a. n.a. Notes: Republic of Slovenia short-term relates to foreign currency, long-term to both domestic and foreign currency. n.a refers to not applicable. Source: BoS June 2007 14 Table 2: Market Share of Banks in Slovenia Bank Market Share in % of Total Banking Sector Assets 2005 2006 Nova Ljubljanska banka d.d. Ljubljana 31.6 30.3 Nova Kreditna banka Maribor d.d. Maribor 10.2 10.9 Abanka Vipa d.d. Ljubljana 8.5 8.5 SKB banka d.d. Ljubljana 6.6 6.2 BA CA d.d. Ljubljana 6.4 6.5 Banka Koper d.d. Koper 6.2 5.6 Banka Celje d.d. Celje 5.9 5.8 Gorenjska banka d.d. Kranj 4.7 4.4 R. Krekova banka d.d. Maribor 3.1 2.8 Hypo Alpe-Adria-bank d.d. Ljubljana 2.9 3.4 Probanka d.d. Maribor 2.2 2.4 Poštna banka Slovenije d.d. Maribor 1.8 1.7 Deželna banka Slovenije d.d. Ljubljana 1.7 1.8 Banka Sparkasse d.d. Ljubljana 1.6 2.1 Volksbank-Ljudska banka d.d. Ljubljana 1.4 1.4 NLB Banka Domžale d.d. 1.4 1.3 Factor banka d.d. Ljubljana 1.3 1.6 NLB Koroška banka d.d. 1.1 1.0 NLB Banka Zasavje d.d. 0.9 0.8 BAWAG d.d. Ljubljana 0.4 1.1 BKS Bank AG Branch office Ljubljana 0.2 0.3 Zveza Bank Branch office Ljubljana 0.0 0.0 Banks and branch offices 100.0 100.0 Source: BoS Previous Assessments of the Governance of the Banking Sector The 2004 Financial Sector Assessment Program (FSAP) report for Slovenia included detailed assessments compared to both the Basel Core Principles and the OECD Corporate Governance Principles then in place. (Both sets of principles were subsequently revised.) The FSAP found that Slovenia was "compliant" or "largely compliant" with 27 of the 30 Basel Core Principles (or 90 percent), the major weaknesses found in the low level of salaries of the Bank of Slovenia (BoS) and the absence of requirements for related party transactions of banks to be conducted on an arm's length basis, an issue that still remains.8 On general corporate governance, Slovenia was weaker with only 17 compliant or largely compliant ratings out of 23 (74 percent). The Corporate Governance ROSC noted the relatively high level of transparency and ownership of the corporate sector, largely due to the public’s right to access the shareholder records held by the Central Securities Clearing Corporation (KDD) but 8 A copy of the summary report is available at http://www.imf.org/external/pubs/ft/scr/2004/cr04137.pdf 15 identified continued weaknesses in the effectiveness of supervisory boards. The key recommendations of the ROSC were to: 1) Adopt a corporate governance code for major corporations and financial institutions; 2) Require that financial institutions establish board committees on key issues, such as auditing and personnel; and 3) Establish comprehensive training programs for supervisory board members. The recommendations have been largely implemented. The Ljubljana Stock Exchange adopted (and then updated) a corporate governance code that was also endorsed by the Association of Supervisory Boards and the Association of Managers. All listed companies and banks are obliged to prepare an annual statement of their compliance (or the reasons for their non-compliance) with the Corporate Governance Code. Both Nova Ljubljanska banka (NLB) and Nova Kredit banka Maribor (NKBM) include the compliance statement in their annual published financial reports. In addition, about ten institutions have been certified to provide training for supervisory board members. Also the Association of Supervisory Board Members maintains a certification program for supervisory board members. For the Government-controlled banks, completion of the three- day training program is a minimum requirement for supervisory board members. NLB has also sent over 80 of its managers to attend the same training. The third area—establishment of board committees within supervisory boards—has not yet been fully implemented. The large banks, notably NLB and NKBM, have established audit committees within their supervisory boards and changes to the banking law will require the same for all banks owned by foreign banking corporations and domestic banks with foreign operations. However the small banks are not required to establish audit committees within the supervisory boards. The ROSC also provided additional detailed recommendations on measures to strengthen corporate governance (and in particular transparency) in the securities markets. Although much securities legislation has since been improved, the ROSC recommendations have not yet been implemented.9 Key Findings and Recommendations In general, the Slovenian banking system establishes high standards of governance with sound decision-making processes in place. However the renewed focus of the European and international financial regulators on governance issues—combined with the expansion of Slovenian banks into neighboring countries and increased volatility of global capital markets— suggest that the supervisory authorities should take all actions that can to further strengthen governance of the Slovenian banking system. The Review’s key findings and recommendations focus on six areas: (i) ownership, (ii) supervisory board and management board, (iii) risk management, internal controls and related- party transactions, (iv) the role of banking supervisors. Additional comments are included on (v) external auditors and (vi) disclosure and market disciple. Annex I provides a detailed list of the criteria used to review of Slovenia’s bank corporate governance. 9 A copy of the Corporate Governance ROSC can be downloaded at http://www.worldbank.org/ifa/rosc_cg_slov.pdf 16 Ownership The first point at which the governance of the banking sector in a country can be influenced in the appropriate direction is by the authorities ensuring that the owners of the banks operating in their country are sound and suitable. The first test is that the owners should not have been guilty of criminal behaviour, especially in the financial area, in any jurisdiction. A second test is that the owners should be free of material conflicts of interest that could arise from their ownership of competing financial institutions or institutions that are related parties to the bank. A third test is that they have a strategic view of their ownership of the bank as without guidance in this respect from the owners, the board and management will have difficulty in setting a clear strategic direction for the bank and managing it so as to achieve these objectives. The Bank team did not observe any weaknesses related to the first test above. However, discussions with Government and bank representatives revealed concerns in regard to the other two tests of "sound and suitable ownership". As noted in Table 4, the Government continues to be the major owner of the banking sector. Directly or indirectly, the Government has controlling shareholdings in the three largest banks (NLB, NKBM and Abanka Vipa) which together account for 50 percent of the system. The next two largest banks, SKB banka and Bank Austria Creditanstalt, are owned by major western European foreign banks. Whereas in most central European countries, the banking sector is largely owned and controlled by western European banks, in Slovenia foreign banks control only about 29 percent of bank sector assets, though this share is growing. The remaining banks are domestic and privately owned, with a number of the owners being corporations. The strategic reasons for the Government’s continued dominant ownership of banks in Slovenia are not clear. Three possible motivations are to: 1) Ensure that the key institutions in the domestic payments system and in the domestic credit market remained in Slovenian ownership and control; 2) Provide a mechanism for rehabilitating or merging the smaller, weaker banks in the system in a smooth manner; or 3) Provide a vehicle for foreign expansion by one or more Slovenian banks. However the lack of clarity for the Government's strategic objectives makes it difficult for the management and supervisory boards of the state-controlled banks to develop coherent medium- term strategies for their banks. Furthermore the three motivations are not consistent with each other. As a result, the second and third motivations increase the risks assumed by the banks. The additional risks also reduce the probability that the banks will be able to meet the first objective. In addition, the control relationships of some shareholders is not sufficiently clear where the shares are held by one of two parastatal funds, Kapitalska Druzba (Capital Fund) or Slovenska odskodninska druzba (Slovenian Compensation Fund), or by companies controlled by the funds. Cross-shareholdings between banks and companies are also common. While the control relationships of Slovenian banks are reported to the BoS, the full extent of the relationships is not disclosed to the public. Furthermore the relative opaqueness of the system allows for a large amount of inter-relationships among the Government and companies in Slovenia through a diverse set of links, an issue that the banking supervisors in Slovenia have to address very carefully when looking at related party transactions. The 2006 Banking Act provides a useful approach in limiting cross-shareholdings, whereby a company owned by a bank may not own 17 Table 4: Ownership Structure of the Five Largest Banks in Slovenia Market Ownership Bank Share Shareholders Share Nova Ljubljanska Banka (NLB) 31.6 % Republic of Slovenia 35.4 % KBC Bank (Belgium) 34.0 % SOD (Government of Slovenia) 5.1 % KAD (Government of Slovenia) 5.0 % European Bank for Reconstruction & Development 5.0 % Potenza Naložbe (privately owned) 3.4 % Other small shareholders 12.1 % Nova Kreditna Banka Maribor (NKBM) 10.2 % Republic of Slovenia 90.4 % SOD (Government of Slovenia) 4.8 % KAD (Government of Slovenia) 4.8 % Abanka Vipa 8.5 % Zavarovalnica Triglav (owned 80.9% by SOD + KAD) 25.7 % FMR (owned 19.5% by KAD and 3.4% by NKBM) 9.8 % Triglav DZU (managed by Triglav Asset Management Company) 7.3 % HIT (owned 20% by SOD and 20% by KAD) 6.1 % Štajerski Avtodom (privately owned) 5.0 % Zvon Ena Holding (privately owned) 6.9 % Poteza Naložbe (privately owned) 5.3 % Vipa (owned 7.4% by HIT) 2.3 % Kingshouse Investments Limited (Cyprus) 4.0 % Daimond (owned by 36.3% by HIT) 3.6 % Salus (privately owned) 2.6 % SOD (Government of Slovenia) 2.2 % Other small shareholders 19.2 % SKB Banka 6.6 % Societe General (France) 97.4 % Genefinance (France) 2.1 % Other small shareholders 0.5 % Bank Austria Creditanstalt 6.4 % Bank Austria Creditanstalt AG (Austria) 99.9 % Other small shareholders 0.1 % Total 63.3 % Note: Market share is based on total assets for each bank. Source: BoS. Data as of June 2007 more than 20 percent of the bank. The Banking Act also includes an extensive discussion of indirect relationships and the 2006 Regulation on Disclosure by Banks and Savings Banks requires disclosure of significant subsidiaries and various types of risk, such as credit and operational risk. The solution that would create the highest level of transparency would be for the BoS to simply require that banks publicly disclose all indirect control relationships. It will remain to be seen if the revised legislation and new regulation are sufficient to produce the same result. 18 The role of the Government as an owner of banks creates some issues in governance of the Slovenian banking system. The Government-controlled banks have been expanding in recent years through the retention of profits and the issuance of subordinated Tier II debt. Each time the Government agrees, either explicitly or without deliberation, to leave its profits in the bank the Government is in effect making an additional investment into the banking sector. The Government, as a rational shareholder, should assess this use of its funds against all other potential uses of fiscal revenue in Slovenia. In addition, the current growth strategies of some of the Government-controlled banks, and especially the NLB, involve a high level of risk and will likely require a contribution of additional capital. As long as the Government is the owner of banks, it needs to fully understand the risks involved in the each bank's current strategy--and be prepared to fully back the expansion strategy with additional capital should this become necessary. The options are limited. They are increased investment by the government, sale of part of the government’s share, or issuance of new shares (diluting the Government’s interest.) Reduction in the degree of Government’s ownership would be the best strategy for the future development of the Slovenian banking system. Given the current high degree of Government ownership, this could not be done in one step and would require the development of a comprehensive and coherent privatisation policy in order to reduce uncertainty and maximise sale-value to the state. The privatisation processes used to date do not appear to involve a comprehensive or coherent privatisation policy. Unless these weaknesses are overcome and the strategy made clear to all parties, the market-value of the Government-controlled banks in Slovenia could diminish sharply. If the Government decides to maintain long-term investments in the banking sector, it should take steps to improve governance of the state-controlled banks. In particular, the Government should set financial and non-financial performance objectives for the state-controlled banks (and other financial institutions). As the representative of the Republic of Slovenia, the Ministry of Finance should set explicit goals for the state-controlled banks to ensure that they maintain long-term financial stability and still meet the public policy objectives of the Government. Preferably the goals should be codified by law or regulation and supported by an explicit public policy statement of state-controlled financial institutions. The supervisory boards of the state-controlled banks should also be tasked with developing (and implementing) a plan to achieve the goals established by the Ministry representing the Government as the dominant shareholder in the institutions. Remaining Recommendations 1) The Government should reduce its shareholdings in banks. The first step should be to develop (with the assistance and advice of the BoS) a medium-term strategy to evaluate the ways to achieve this objective. 2) If the Government decides as part of this strategy to retain a controlling interest in one or more banks over the short or medium-term, the Government should develop clear financial and non-financial objectives for those banks. Explicit objectives should be codified and supported by a public policy statement. The banks’ supervisory boards and management should be charged with developing and implementing a plan to meet the objectives. 3) The BoS should monitor adherence to the banking legislation and the Regulation on Disclosures by Banks to ensure that all banks publicly disclose all indirect control arrangements in companies and financial institutions. 19 Supervisory Boards & Management A well-functioning oversight function is the key to sound corporate governance for any corporation, but particularly for banks. In dual-tiered board systems, the oversight function generally falls to the supervisory board.10 A bank’s supervisory and management boards have primary responsibility for the safety and soundness of a bank—and together they constitute a “first line of defense� against unsafe or unsound practices. However the lessons learned from bank failures in recent years—and from the corporate governance scandals in Europe and America—place increasing emphasis on the key role of the oversight function of supervisory boards. The provisions of the Basel II Accord also emphasize the role of supervisory boards in understanding the risks assumed by the bank. Basel II requires that bank supervisory boards ensure that banks have sufficient capital and adequate systems to measuring and monitor the bank’s complex and multivariate risks. The Review found that supervisory boards in most Slovenian banks were not as involved or as proactive as they might be. The issue is complex in countries with a banking sector dominated by Government-owned banks and with the presence of some strong foreign banks. For the state- owned banks, one key issue is that the Government, as owner of the bank, needs a clear view of the purpose of its investment in the bank so that the bank management can develop an appropriate medium-term strategy for the bank. A second key issue is that the Government needs to apply the same criteria and standards to the appointments of the supervisory board members and senior management of the bank in order to protect the value of the Government’s investment in the bank and to allow the bank to compete with the privately-owned banks. One could even argue that the supervisory board members need to be even more experienced and professional as the shareholder will not be exercising the same degree of oversight as compared to the case where the major shareholder is a reputable international bank. For the foreign-owned banks, one key consideration is to ensure that the parent bank has sufficient flexibility to establish the supervisory structures to protect the parent bank’s interests and reputation. But this needs to be balanced by the interests of the host country and the depositors in the bank. The two sets of interests will often be consistent, but cases could arise where this is not the case and the governance structures need to be able to recognise and deal with such cases appropriately. In Slovenia, around 29 percent of the banking sector is comprised of western French and Austrian banks whose systems of internal controls and audits have been tested by the recent years of banking crises worldwide—and whose systems and processes are subject to close supervision by their parent bank and by their home banking supervisory agency. For such banks, selection of the members of the supervisory board of the local subsidiary is an important element in the parent bank’s system of internal controls and supervision. The parent bank generally prepares the local bank’s statutes in accordance with the parent bank’s group-wide 10 The discussion of supervisory boards is intended to apply both to unitary and dual board structures. In unitary boards, the board of directors generally has a wider role than would a supervisory board in a dual board. The review’s criteria in the Annex focus mainly on the board’s role in selecting and removing management and overseeing the prudent management of the bank. These are functions that are applicable to both boards of directors in unitary board systems and supervisory boards in dual board structures. Note that the 2006 revisions to the Companies Act allows corporations to choose either a dual or single board structure. However all the Slovenian banks have retained their dual board structures. 20 decision-making structures and the parent bank’s own legislation. However if there is a conflict between the parent bank’s regulations and local legislation, the local laws must take precedence. In most foreign-controlled banks, the supervisory boards consist almost totally of executives of the parent bank or banking group. Most of the supervisory board members are not Slovenian residents. In at least one case, most of the meetings of the supervisory board have been held in the country of the parent bank, not in Slovenia. It is therefore not clear if the supervisory boards of these banks understand the local environment and are fully aware of the extent of their fiduciary duties in Slovenian context.11 In good times, it may be sufficient to rely on the supervisory capacity of the home bank supervisors – that might be located in Austria or other European countries. However in troubled times, such reliance may not be prudent or appropriate for the host country. As such, these supervisory boards should be required to have some independent local members on them. Bank supervisory boards should be legally responsible for: 1) Approving the strategic objectives and business plans of the bank, 2) Monitoring the performance of the bank, 3) Understanding the bank’s risk profile and making sure that the capital levels are adequate for the risk profile, 4) Ensuring the quality of the bank’s systems of internal control and risk management, 5) Appointing the senior management team and ensuring that the team possess appropriate skills, knowledge, and expertise in managing the institution, and 6) Ensuring adequate public disclosure as needed to enforce market disciple. The 2006 revisions to the Companies Act and Banking Act as well as the 2007 Regulation on the Diligence of Members of Management Boards and Supervisory Boards substantially strengthened the role of bank supervisory boards, giving them responsibility for the six areas noted above. The revised legislation also clarified the statutory fiduciary duty of supervisory board members and management in four key areas. 1) Making supervisory boards aware that they have a legal obligation to comply with all Slovenian laws and regulations. 2) Requiring supervisory boards to disclose to the Slovenian authorities any infractions of the law. 3) Ensuring that supervisory board members are made aware that if they do not do so, they increase the risk of being held personally liable for any damage that may occur. 4) Requiring that banks establish internal policies and procedures to ensure that supervisory board members are qualified, meet the “fit and proper� test and possess necessary range of banking, finance and business management skills. All are important to ensure that bank supervisory boards conduct their duties conscientiously. However the Review recommended that additional steps could be taken. For example, the BoS could encourage development of a corporate governance code for banks, based on the Corporate Governance Code of the Ljubljana Stock Exchange (LSE). The LSE Code provides several useful recommendations on supervisory boards. The Code recommends that no members of the 11 Such an issue arose in the case of the collapse of Banque du Commerce and de Credit International (BCCI) which collapsed in 1991. At that time, the regulators of the foreign subsidiaries (such as in Canada) relied on the members of supervisory boards of the local operations to address the obligations of the local subsidiaries. 21 company’s executive management should also be on the company’s supervisory board and that supervisory board members should be free of conflicts of interest. The Code also recommends that all receive training to assist them in conducting their duties. To ensure that supervisory boards play an active role, the Code also suggests that the supervisory boards should meet at least two times per year. (See Banking Supervision and Corporate Governance in Banks.) While no corporate governance code was developed for banks, the Review's recommendations were incorporated in the revised laws and new regulations. The Review also recommended that each bank prepare its own code of ethics. While the Regulation on Diligence specified that business ethics and personal integrity should be evaluated as part of a supervisory board member's qualification, the Regulation did not require that an ethics code be developed for each bank. In addition the Review recommended that BoS promulgate regulations for the supervisory boards regarding the minimum set of internal committees they should have. For example, not all bank supervisory boards in Slovenia include an audit committee. Among both publicly-traded companies and financial institutions worldwide, it is becoming best practice to establish various committees within supervising boards. The committee structure allows members of the committee to focus more closely on issues that need to be addressed. A board audit committee is one of the most commonly found committees and is very important for good corporate governance. The audit committee should have specific tasks identified in the bank’s statute. Such tasks should include receiving the reports of the internal and external auditors, reviewing the bank’s financial statements and all financial disclosures, and approving the bank’s systems of internal controls and risk management. It should be possible for board audit committees to include some independent expert members in order to assist the board in carrying out this important role. The Review recommended that it be a requirement that all bank supervisory boards have audit committees. Additional committees were also suggested, including committees to review risk exposures, and particularly credit risk, compliance issues and senior management remuneration and incentive policies and a committee on remuneration. To avoid an over-expansion of supervisory board committees, one solution would be to create just two committees, an audit committee to deal with auditing and financial issues and a business conduct review committee to address all non- financial issues related to the bank. The revisions to the Banking Act stipulated that audit committees are required for banks operating outside Slovenia or whose parent is part of a banking group. The revised Companies Act required that where the supervisory board appoints an audit committee, the committee must have at least three members and one must be an independent expert in either accounting or finance. The Regulation on Diligence of Board Members also specified the needed qualifications for bank audit committee members. However best international practice is that all financial institutions should be required to have audit committees within their supervisory boards. Additional supervisory board committees would also be helpful, particularly for large banks. Related-party transactions and loans to shareholders, officers and employees are another area of possible corporate governance concern in Slovenia because of the high degree of Government ownership and because some banks are members of conglomerates that include a large number of other businesses. (See also discussion below under Risk Management, Internal Controls and Related Party Transactions.) The Review recommended that the BoS issue supervisory board guidelines that explicitly charge the bank supervisory boards with the responsibility for ensuring the bank has strong and sound procedures for dealing with related party transactions and ensuring they are done on arm's length terms. Basel Core Principle 11 also requires that all related party transactions be conducted on an arm's length basis. The revised Banking Act requires that 22 supervisory boards give their approvals for all related party transactions above € 22,000 but there are no requirements that the transactions be conducted on an arm's length basis. The Review also recommended that additional guidelines be provided for the operation and structure of supervisory boards. The then current law sets the minimum number of supervisory board meetings at just two a year. The specification of such a low number points to the low level of importance placed on the role that supervisory boards must play in ensuring good corporate governance. The Review found that at least one supervisory board took the law at face value and met only twice a year. A significant number of supervisory boards met only two to four times a year, which is inadequate to be able to carry out the important range of roles that the board should be responsible for and to keep the board members up-to-date on the financial condition of the bank. The BoS should mandate a higher minimum number of meetings, which could be a minimum of six a year for the full board and four a year for the board audit committee. The revised legislation requires a minimum of four supervisory board meetings a year. But more should be done. Supervisory boards should also have a minimum number of members to be able to fully conduct their duties. The Companies Act only requires three members and many bank supervisory boards currently have just four members. The BoS should require that they have at least five members in line with international best practice. Supervisory boards should also have some independent members. It is the supervisory board that sets the ethical standards for the bank and ensures that the bank conducts its operations with integrity and in the interests of all stakeholders. In this way, an effective supervisory board is an essential part of a system of checks and balances that ensures that neither large shareholders nor persons of authority can abuse their positions of power—and that key decisions are made with the bank’s best interest in mind. This role can only be accomplished if members of the supervisory board exercise independence and are able to demonstrate their ability to act independently of senior management and controlling shareholders. Best practices in corporate governance emphasize the importance of “independent� members of supervisory boards.12 All bank supervisory boards, including wholly-owned subsidiaries of a foreign bank, include at least two "independent" members. If only one such member is included they take on a lot of responsibility and could also be isolated by the other members. The revised Banking Act and the 2007 regulations specify the need for at least one independent supervisory board member. This is a useful first step but a minimum of two independent members should be required for bank supervisory boards. The Review also found that the levels of remuneration for supervisory board members was often too low to justify a serious amount of work, particularly in the Government-controlled banks. As a result, the Review recommended that a survey be conducted of the levels of remuneration of supervisory board members. In addition the Review suggested that each of the banks develop a code of ethics and that processes be put in place to monitor adherence to the code by the bank’s employees including members of the supervisory board and management board. Both issues were addressed by the 2007 Regulation of Diligence of Board Members. (Additional comments on the power of the supervisory agency to remove supervisory board members are provided under Banking Supervision and Corporate Governance in Banks.) 12 In United States (US) terminology, independent board members refers to those who are not part of the company’s management board, nor related to controlling shareholders or hold staff positions in the bank. However in European terminology, independence generally means free of conflicts of interest. In this report the concept of "independence" is used as in US terminology. 23 In addition the Association of Supervisory Board Members provides valuable training for supervisory boards in commercial and industrial companies. Such training would also be useful for supervisory board members in banks and other financial corporations. Special provisions should also apply to Government-controlled banks. The February 2007 Resolution on Incompatibility of Public Function with Supervisory Function in Supervisory Boards and Management Boards of Companies provides important restrictions, notably that no officials of state body should be a member of the supervisory or management board of a company. In addition, the Ministry of Finance should establish a transparent and structured process for the selection, appointment and removal of their representatives on supervisory boards of state-controlled financial institutions. The selection criteria should ensure that supervisory board members have sufficient competence, experience and expertise to oversee management of large and complex financial institutions. Remaining Recommendations 1) All banks operating in Slovenia should be required by the BoS to have supervisory board audit committees. The committee should be chaired by an independent director. All but the smallest banks should be required by the BoS to have at least one other board committee that covers the significant non-financial issues. 2) The BoS should specify by regulation that the minimum size of a bank supervisory board be five members and that the larger banks should have more members and supervisory boards should have at least two independent members. 3) Bank supervisory boards should be required to hold meetings at least six times a year, with meetings of the audit committees at least four times annually. 4) The Banking Association should work very closely with the Association of Supervisory Board Members and/or other private sector organizations to provide training on corporate governance to supervisory board members. 5) The Ministry of Finance, representing the Government, should develop a transparent and structured process for the selection, appointment and removal of members of supervisory boards for Government-controlled banks. Risk Management, Internal Controls & Related-Party Transactions Of all issues in corporate governance, related-party transactions bring into focus the myriad of conflicts of interest found in banks and financial institutions. In emerging markets and developed economies alike, transactions that are made among companies or financial institutions with common ownership are among the most open to abuse. The Review recommended that the EU Directive on financial conglomerates (2002/87/EC) be fully implemented. The Directive requires special provisions where banks or financial institutions are part of financial or mixed financial and industrial conglomerates. The Directive requires that the lead supervisory agency set tighter controls for banks that are part of the conglomerates than for banks held on a stand-alone basis. However, the same levels of controls and thresholds are uniformly applied to all banks, even where the bank is part of a mixed conglomerate. The Directive further notes that the competent authorities should take into account the specific group and risk management structure of the conglomerate and define appropriate thresholds based on regulatory own funds and/or technical provisions. In particular, the authorities should monitor: (i) the possible risk of contagion within the financial conglomerate, (ii) the risk of conflict of 24 interests, (iii) the risk of circumvention of sectoral rules (also called regulatory arbitrage), and (iv) the level of risk. Tightened thresholds should be applied to domestically-owned banks as long as they remain part of mixed conglomerates. The Directive was implemented in Slovenia with the approval of the Financial Conglomerates Act of 2006 and its subsequent implementing regulations. The Review also recommended special provisions within the Law on Banks governing the terms and conditions for arm's length commercial transactions and exposures with related parties, insiders, downstream entities, and companies owned by controlling or significant shareholders. The BoS has the legal authority arising from some of the general clauses on the Banking Law to ensure transactions with related parties are done on an arm's length basis. The BoS has issued guidelines relating to credit risk and that related party transactions were covered in those guidelines. However, it seems these guidelines cover only avoiding large exposures to related parties and fall short of requiring that all related party transactions be done on arm's length terms. Given the high degree of inter-relationships in the Slovenian economy because of its small size and the prevalence of cross-shareholdings, this legal provision is, in the view of the Bank team, inadequate. Related party transactions that are not done on an arm's length basis are a serious risk for any bank. For example, it is often more difficult for a bank to take legal action against a related party in the event the other party defaults. It would be helpful to the supervisory boards and would help prevent any possible abuse if the BoS explicitly regulated that all related-party transactions should be done on arm's length terms. A key step a supervisory board can take to ensure that the bank has sound internal risk management and control systems and that they are applied in practice is to set up a strong internal audit department. This department must be independent of management in status and practice. They need to have direct access to the supervisory board’s audit committee. The board audit committee should ensure that adequate resources are made available to the audit department by management to fulfill its responsibilities--and that senior management is providing the necessary information and assistance to the internal auditor to allow them to fulfil his/her responsibilities. Under the Banking Law, the internal audit department of a bank has substantial contact with the bank’s supervisory board. In particular, the department’s semi-annual and annual reports are submitted to both the management and supervisory boards. However concern was expressed to the Bank team that the internal audit department of a bank may not be prepared to report to the supervisory board on major breaches of the bank’s risk management policy because the internal auditors are appointed and evaluated by management. The BoS may wish therefore to consider ways of providing additional functional independence to the internal audit department, for example, giving the internal auditors the option to have additional meetings with the supervisory board (and particularly, the audit committee if one is in place) but without members of the management board being present at the meeting. In addition, management should be able present its comments on the internal audit reports but should not be able to edit or withhold the internal audit reports. Another area of potential risk for banks is investment in non-financial areas. Banks in Slovenia are allowed to invest in non-financial investments. Under Article 87 of the Banking Law, there is an upper limit on the total of these investments of 60 percent of capital, which follows EU Directive (2006/48/EC) on capital requirements for credit institutions. The 2007 Regulation on Qualifying Holdings further clarified the maximum limit of 60 percent of a bank's capital. Such a high limit creates some risks. For most banks in Slovenia, their current level of investment in non-financial companies was less than 10 percent of capital. It may be prudent for the BoS to 25 consider reducing the legal upper limit to a level closer to the one the banks say they have adopted in practice. Remaining Recommendations 1) The BoS should require by regulation that all related party transactions be done on an arm's length basis and should monitor compliance during its on-site inspections. 2) The BoS should periodically review the statutory requirements for reliable risk management systems to ensure that the requirements in these regulations are current and in conformity with evolving banking activities. Banking Supervision and Corporate Governance in Banks The Review recommended that the BoS issue secondary legislation and this secondary legislation could cover corporate governance requirements, as has been done. The Review also noted that an important consideration for Slovenia is having corporate governance guidelines that cover banks with different ownership structures. The guidelines need to cover expectations for foreign bank subsidiaries, domestically-owned private sector banks, Government-owned banks, regular branches, and branches that are conducting business under the single passport rules. For example, they need to ensure in the case of foreign-owned banks that the guidelines protect the Slovenian banking system in cases where the parent bank’s interests differ from those of the local subsidiary—and differ from the needs of the local banking supervisors. They need to encourage strong corporate governance in the domestically-owned banks that are opening subsidiaries outside Slovenia. These are issues that banking supervisors in most countries have to understand and manage. A third consideration that is much more significant for the supervisor in Slovenia than in most other countries in Europe is the need to ensure that there is strong corporate governance in the banks where the Slovenian Government owns or controls the banks, which currently includes the three biggest banks in the country. The Review also noted that Slovenia has both foreign-owned banks operating in its banking market and locally-owned banks operating foreign subsidiaries, thus raising the issues of home- host supervisory cooperation and coordination. Three issues are important: 1) Home and host supervisors need to coordinate their supervisory actions and policies, 2) A clear allocation of responsibility between home and host supervisors needs to be established, and 3) Both host and home supervisors should have the authority and capacity to effectively protect their financial systems. The BoS views its obligations and responsibilities as both a home and a host supervisor well. The BoS has memoranda of understanding (MOUs) with all the foreign bank supervisors who are involved in the supervision of the subsidiaries of Slovenian banks abroad and of foreign-owned banks in Slovenia. The BoS has taken a pro-active role in regard to these MOUs and is, the only home or host supervisor in the region who can claim to have MoUs in place with all other relevant supervisors. For this the BoS is to be congratulated. The biggest bank in Slovenia, NLB, has banking subsidiaries in seven foreign countries, Germany, Austria, Bulgaria, Bosnia and Herzegovina (where it currently has more than one subsidiary), Macedonia, Serbia, Montenegro and is in the process of purchasing a bank in Kosovo also. Foreign-owned banks from Austria (6), France (1), and Italy (1) currently operate in 26 Slovenia and have around 29 percent market share at present. A Belgium bank is a minority shareholder in the country’s biggest bank. One Slovenian bank is currently investing in banks outside Slovenia, as is a Slovenian investment fund. Another Slovenian-owned bank is also considering such a strategy. This is a particularly risky business area and should receive special attention from the supervisory board and from the BoS. The BoS assumes the responsibility of a home supervisor when a Slovenian bank invests in a bank in another country. With cross-border banking increasing, it is likely that the responsibilities of home supervisors will increase commensurately. The BoS should have the authority to approve, or refuse approval, of all foreign acquisitions by Slovenian banks. Its decision should be based on an assessment of the Slovenian bank’s understanding of the risks involved and its ability to manage them and on the BoS' assessment of the quality of banking supervision in the host country. The BoS authority should cover all acquisitions outside Slovenia, regardless of the size of the acquisition unless the investment is directly related to securities trading and the investment is held for a short period of time (for example, less than six months). Since joining the EU, the BoS has participated in the Committee of European Banking Supervisors and on a number of EU working groups on supervisory issues. BoS representatives have been co-operating in the Banking Supervision Committee of the ECB and from January 2006 became members of this Committee also. The BoS is also a member of the Group of Banking Supervisors of Central and East Europe. The BoS does carry out periodic examinations of the subsidiaries abroad of NLB and permits the home supervisors of foreign-owned banks operating in Slovenia to examine the subsidiaries in Slovenia. The BoS should satisfy itself with regard to the strategy—and ability to monitor the inherent risk– of foreign expansion of the NLB and the Review recommends that if the BoS can not get satisfactory answers on these issues, it should seriously consider limiting further foreign expansion by the NLB. If it does not have the authority to do so, it should make a strong recommendation to the bank and to the Government. Another issue relates to the tests of "fit and proper" for supervisory board members. Basel Core Principle 11 stipulates that the supervisor should, at authorization, evaluate proposed board directors and management on fit and proper tests and any potential for conflicts of interest. The fit and proper criteria include skills and experience and the absence of a criminal record. The essential criteria for the Principle further note that the supervisor should have the power to require changes in the board13 and senior management to address potential concerns relating to the understanding of the risks in their business—or their commitment to a strong control environment. The BoS does not have sufficient authority to fully implement the Principle. Under the law and regulations, the BoS may request that the bank's management board convene a meeting a general shareholders' meeting and propose the discharge of a supervisory board member in any of three circumstances: (1) the supervisory board member has violated his duties as a board member, (2) there is an obstacle to appointing the board member, or (3) the supervisory board member has lacks the qualifications, characteristics or experience needed for the position. However this is not sufficient. 13 Board refers to the board of directors in a single-board system and the supervisory board in a dual-board structure. 27 The supervisory board is the key to good corporate governance in a bank. The membership of such boards has to be appropriate for this role and the supervisor should have the authority to take action if the owners will not. The supervisors should first make a request to the owners, setting out the reasons why the board member should be replaced. However if the owners fail to act, the BoS should have the power to remove the board member. Both the owner and the board member should be able to take legal recourse against such a decision by the BoS and this should ensure the BoS does not use the power of removal in a random or reckless manner. The BoS should also meet on a regular basis, and at least once a year, with the supervisory board of each bank (as is envisaged as part of future supervision by the BoS). Management should not be present at these meetings. The opportunity to exchange information with the supervisory board can be used to determine if the board has a clear strategy for the bank, and are able to monitor the performance of the bank and the management appropriately. It can also be used to assess their understanding of the risks involved in the business strategy adopted by the bank and how these risks are measured and contained within risk limits set by the board. The meetings will also allow the supervisor to assess the quality of supervisory board and determine if the members of the supervisory board are performing their duties in an acceptable manner. Remaining Recommendations 1) The BoS should have clear authority to refuse appointments to a bank supervisory board where they consider the person does not meet the "fit and proper" criteria regarding their understanding and commitment for adequate systems of internal controls and risk management. 2) The BoS should meet with each bank’s supervisory board at least once a year to discuss the bank’s results and strategies and assess the role of the supervisory board in managing the bank. 3) The BoS should work very closely with the Banking Association to promote good governance practices. They should promote good governance practices through websites, and publications. 4) Because of the special risks involved in foreign acquisitions of banks, the BoS should be given the authority to approve or decline all foreign acquisitions by Slovenian banks. It is recommended that the Ministry of Finance provide sufficient authority for the BoS to do so. External Auditors Financial reporting and the quality of the external audits lie at the cornerstone of strong corporate governance in all well-developed economies. Starting in January 2006, all banks operating in Slovenia have been using International Financial Reporting Standards (IFRS) in the preparation of their financial statements The auditing firms for all banks are local firms with ties to one of the Big Four international auditing firms. 28 Remaining Recommendations While there appears to be no major problems in this aspect of corporate governance in Slovenia, the following recommendations can further strengthen the work of external auditors of Slovenian banks. 1) The supervisors should be encouraged to meet with external auditors after their on-site examination to discuss areas of mutual concerns and should meet without the bank board members being present (as is planned by the BoS). 2) The BoS should consider adopting practices used in many countries where supervisors also review the work of the auditors to ascertain information that could be useful for on- going supervision. 3) Audit firms should report to supervisory board all non-audit services that are performed for the bank. Audit services above certain minimum threshold amount should be subject to approval by supervisory board before commencement of the work. 4) Audit firms should provide a certification to the bank that in conducting their annual audit that they are free of conflict of interest. Disclosure and Market Discipline Market discipline, public disclosure and industry initiatives are essential components of the Third Pillar of Basel II and required as part of implementation of the EU’s Capital Requirements Directive. The Banking Association in Slovenia is a strong and professional organisation that plays an important role in setting and maintaining industry standards. But it could play a greater role in the area of setting corporate governance standards for their members. Because most of the largest banks issue bonds on the LSE, the stock exchange also plays an important role in exerting market discipline on parts of the banking sector. The Review recommended two measures that have since been implemented by the BoS. They are that banks should be required to publish their audited financial reports and statutes on their websites and provide an annual statement of risk exposure and its strategy for managing the risks. Both are part of the revised banking legislation and new regulations. However in line with the Capital Requirements Directive and Basel II, the BoS could do more. For example, the BoS should consult with analysts and other market participants in Slovenia to get their views on the data that they would like to see in these disclosure documents in order for them to be able to assess the soundness of each bank and the industry. The BoS should also undertake a study of disclosure rules in major developed countries and use the results of the study in developing the six-monthly disclosure statement for Slovenia. Remaining Recommendation 1) The BoS could conduct a survey of analysts and market participants regarding their views of the quality of financial and non-financial information provided to the public. 29 References Basel Committee on Banking Supervision. February 2006. Enhancing Corporate Governance for Banking Organisations. ______, June 2006. Basel II Accord on International Convergence of Capital Measurement and Capital Standards ______, October 2006. Core Principles for Effective Banking Supervision and related Methodology Caprio, Gerard, and Daniela Klingebiel. January 2003. Episodes of Systemic and Borderline Financial Crisis. World Bank, Washington, D.C. FitchRatings. 3 August 2006. Corporate Governance in Emerging Market Banks. Special Report. Honohan, Patrick, and Daniela Klingebiel. September 2000. Controlling Fiscal Costs of Banking Crisis. World Bank, Washington, D.C. Scott, David H., August 2007. Strengthening the governance and performance of state-owned financial institutions. World Bank, Washington, D.C. 30 Annex I: Criteria used to Review the Corporate Governance Framework for the Slovenian Banking System The Review divides governance structures into two forms—internal governance systems and external forms of governance discipline. Both forms must be effective to promote a sound corporate governance culture and establish a strong foundation for prudent management of banks. The internal systems start with getting appropriate owners of banks and then focus on the roles of two key governing organs: (i) the supervising board which supervises the management board and should be responsible for reviewing the bank’s strategic plans and goals and approving the systems of internal controls and risk management inherent in sound governance arrangements and (ii) the bank’s management board consisting of the executive officers responsible for the day-to- day management of the bank. In Slovenia, all banks currently have a two tier board structure. Under a new Banking Law, which became effective in January 2007, banks will be able to choose between a one tier and two tier structure. However, all but the smallest banks are expected by the BoS to have both a supervisory board and a management board. The Bank team believes the BoS should insist on this as both boards have important and specific governance responsibilities. Merging them into one board usually means that one set of responsibilities dominates the other – and it is usually the management responsibilities that dominate the board oversight responsibilities. In addition, to the two governing organs, proper risk management process and strong internal controls plays an important role in safeguarding the assets of the bank. It ensures that members of the supervisory and management boards have proper and timely information to make sound and prudent decisions. The external systems of corporate governance are those factors that exist outside the bank but exert strong influence on governance culture within the bank. These include the role of the banking supervisor, the role of the external auditor, the role of disclosure, the role of the market in exerting discipline on banks, and the role of industry and professional associations. This report uses both the internal and external factors for the review of bank corporate governance in Slovenia. In addition, Annex I identifies two other specific sets of criteria. One set is related to banks that are wholly or majority owned or controlled subsidiaries of foreign banks or financial groups and the second is related to banks that are wholly-owned or controlled by the Government of Slovenia. 31 INTERNAL FACTORS SECTION A OWNERSHIP Criterion A.1 The owners of a bank should meet "fit and proper" criteria and be free of any material conflicts of interest. The supervisor should have the authority to refuse to license a bank where one of the owners fails to meet these criteria or to freeze the shareholders voting rights if the breech arises after the bank is licensed. The ownership of a bank should be transparent. The supervisory authority should not authorize or continue to authorize banks where their ultimate ownership or control structure cannot be easily understood and supervised. Criterion A.2 Preferably, the banking legislation should prohibit non-financial corporate control of banks. Where such control is permitted, or where a bank is part of a non-financial conglomerate, the supervisor should require stringent controls over related-party transactions and require that the supervising board consist of a majority of independent directors. SECTION B SUPERVISORY BOARD Criterion B.1 The supervising board should have clear, well defined and understood roles and responsibilities, including responsibility to approve the bank’s strategic direction, appoint and oversee senior management, and take ultimate responsibility for the prudent management of the bank. Members of the supervising board should legally be required to perform their duties with due care and diligence and for the purpose of maintaining the long-term safety and soundness of the bank and members of the supervising board should have joint and personal liability for actions taken, or not taken, that could harm the bank. Members of the supervising board should avoid conflicts of interest that could unduly influence their judgment. Where such conflicts cannot be avoided, they should be disclosed to the other members of the supervisory board and the regulatory agency. Criterion B.2 The supervising board should have a sufficient number of members to achieve broad based understanding of the bank’s business activities and effectively discharge its responsibilities. The process for appointing SB members should be transparent and should ensure a reasonable degree of continuity at the board level. Members should have the requisite skills, experience and knowledge and should be required to meet "fit and proper" criteria. All members of the supervising board should receive sufficient training to assist them in the performance of their roles. Supervisory board members should be able to devote sufficient time to their duties in order to make a sound contribution to the supervising board’s functions. Members of the supervising board should be adequately remunerated, commensurate with their obligations and the risks inherent in the role. Criterion B.3 The supervising board should be chaired by a non-executive director and include a minimum number of independent directors as needed to monitor related-party transactions, particularly those with the parent bank or other affiliated companies. Criterion B.4 The supervising board should establish and maintain committees to assist it in the performance of its duties. Such committees should include at least: (1) an audit committee responsible for oversight of internal audits, external audits, approval of published financial accounts, internal controls, and compliance and (2) a business conduct review committee responsible for non-financial issues including risk management, remuneration and nomination and review and approval of related-party transactions. Each committee should include at least one independent member of the supervising board. In the case of the audit committee, it should be chaired by an independent director. 32 SECTION C MANAGEMENT Criterion C.1 The management team should have clearly defined role and responsibilities specified by the supervisory board with necessary authority and resources to manage the bank. All members of the management team should be required to perform their duties with due care and diligence, and for the purpose of maintaining the bank’s long-term safety and soundness. Members of the management team should be free of conflicts of interest and the bank should prepare and publish a code of ethics prohibiting such conflicts of interest. Members of the management team should be fully accountable to the supervising board under the bank’s statutes. SECTION D SYSTEMS OF RISK MANAGEMENT & INTERNAL CONTROLS Criterion D.1 Banks should have reliable risk management systems to identify, measure, monitor and manage all business risks of the bank. Key risk exposures relate to compliance, operations, reputation, credit, interest rates, exchange rates, basis differentials, concentration by sector, geography or industry, and loans to related parties, activities associated with criminal activity and money laundering. The bank’s risk management systems should be subject to regular review by internal auditors and, from time to time, by independent experts to ensure that the systems are appropriate for the nature of the bank’s business activities and risks. Criterion D.2 The bank should maintain systems of effective internal controls. The systems of internal controls should meet international standards such as those of COSO. All banks should have effective internal audit arrangements. Internal audit offices should have adequate resources, independence, access to all bank data and direct access to the supervisory board audit committee. Criterion D.3 The bank should maintain reliable systems and controls for identifying, measuring, monitoring, and managing transactions with related parties, including upstream and downstream entities and controlling or significant shareholders. All business dealings with related parties should be at fair market value and on arm’s length basis and be in the interests of all stakeholders, including shareholders, creditors and depositors, etc. Banks should not be permitted to control or participate in non-financial activities either directly or indirectly. EXTERNAL FACTORS SECTION E BANKING SUPERVISION Criterion E.1 The banking supervisor should have the legal authority to impose corporate governance requirements on banks where necessary. The supervisor should also issue corporate governance guidelines to banks on desirable corporate governance policies, practices and structures and should have an established process to evaluate banks’ corporate governance. Criterion E.2 The supervisor should apply a “fit and proper� test to members of a bank’s supervising board, senior managers and controlling and other significant shareholders, and should have the authority to remove directors or freeze shareholders voting rights where the tests are not met. Criterion E.3 The supervisor should approve a list of accepted auditors for banks using transparent criteria. The supervisor should meet with each bank’s external auditors on a regular basis, including periodically without the bank being present. The supervisor should also evaluate each bank’s internal controls and risk management systems. 33 Criterion E.4 The law should precisely define related-party transactions and the supervisor should issue regulations to establish limits and methods of monitoring related-party transactions. Criterion E 5 The supervisory authority should maintain regular contact (at least annually) with each bank's supervisory board. They should meet the board without management being present. Criterion E 6 The supervisor should develop and maintain formal co-operation arrangements with all foreign supervisors that are relevant to the domestic banking system. This should include formal Memorandum of Understanding but also needs to active co-operation on a regular basis SECTION F EXTERNAL AUDITORS Criterion F.1 Bank financial statements should be audited by an independent external auditor at least annually. Audits should be performed using International Standards of Auditing (ISA). All approved banking auditors should be certified by the professional audit body. Criterion F.2 The audit firm should be sufficiently independent of the bank to ensure a fair and objective audit. Banks should be required to rotate their external audit firm on a periodic basis. A five year rotation maximum is recommended. Audit and non-audit services should be separated so that the non-audit services do not compromise the independence of the audit. Criterion F.3 Auditors should have the legal obligation to report immediately to the supervising board of the bank and the supervisor any concerns they may have relating to breaches of laws or regulations by the bank, non-compliance with the bank’s risk management policies or internal controls or issues that could impact negatively on the bank’s solvency or liquidity. Criterion F.4 The engagement letter for the external audit should be approved by the audit committee of the supervising board. At the end of the external audit process, the auditor should prepare a management letter, to which the bank’s management should prepare a formal response. The management letter and management’s responses should be reviewed by the board audit committee and should be presented to the supervisor after review by the board audit committee along with the audit committee’s formal conclusion. SECTION G PUBLIC DISCLOSURE & MARKET DISCIPLINE Criterion G.1 Banks should be required to prepare financial statements in accordance with international accounting standards such as the International Financial Reporting Standards (IFRS). Where disclosed data is not in accordance with these accounting standards, the supervisory agency should have the authority to set additional requirements. Criterion G.2 Banks should be required to prepare and publish annual reports covering: 1) Financial statements, including comprehensive notes and the auditor’s opinion; 2) A statement describing the major risks of the business and how these are managed; 3) Authorities and responsibilities of the company’s governing bodies; 4) Te names, roles, major affiliations, professional experience and academic background of supervisory board members and key senior managers; 5) The controlling and significant direct and indirect beneficial owners of the bank. Criterion G.3 Banks should be required to disclose a sub-set of the key information contained in the annual reports on at least a six-monthly basis. All reports and disclosure statements should be easily accessible to interested analysts and the public, including on banks’ websites where they exist. The chairman of the audit committee and a member of the management team (either the CEO or CFO) should be required to sign the annual disclosure statements attesting to their accuracy and completeness. SECTION H INDUSTRY INITIATIVES 34 Criterion H.1 The banking sector should establish a banking association to promote good corporate governance practices, including development of a code of conduct and training programs for supervising board members. All banks should be members of the banking association. Criterion H.2 Institutes of directors or other non-state organizations should be encouraged to provide recommendations on desirable corporate governance practices and training for supervising board members. SECTION I SPECIAL ISSUES RELATING TO FOREIGN-OWNED OR CONTROLLED BANKING SUBSIDIARIES AND BRANCHES Criterion I.1 The management of a foreign banking subsidiary should be directly accountable to the supervising board of the subsidiary, even if they have reporting obligations to the parent entity. Criterion I.2 The host supervisor of a foreign banking branch should issue guidelines regarding its expectations concerning the corporate governance of local branches of foreign banks. Section J: SPECIAL ISSUES RELATING TO GOVERNMENT-OWNED OR CONTROLLED BANKS Criterion J.1 The Government should set out clearly the purpose for its ownership of the bank so that the board and Management can develop an appropriate medium-term strategy for the bank. Criterion J.2 All supervisory board members and senior managers of a government owned or controlled bank should meet the same criteria of being "fit and proper" persons for their positions as board members and managers of privately-owned banks. Criterion J.3 The responsibilities of supervisory board members and senior management in these banks should be identical to the responsibilities in a privately-owned bank. Their main responsibility is to act in the interests of the bank. Where this may diverge from some of the interests of the government, the board should inform the shareholder but must continue to act in the interests of the bank. 35 Annex II: Legislation Affecting Governance of the Banking Sector The basic legislation affecting governance of the banking sector consists of the following acts and regulations, as noted in Table 5. Table 5: Key Laws and Regulations Related to Banking Governance 1. Act of Bank of Slovenia (Official Gazette of the Republic of Slovenia, Nos. 58/02 and 85/02 Corrigendum) 2. Banking Act (Official Gazette of the Republic of Slovenia, Nos. 7/99, 59/01, 55/03, 42/04 and 131/06) 3. Law on Savings and Loan Undertakings (Official Gazette of the Republic of Slovenia, Nos. 14/90, 30/90, 17/91, 55/92, 66/93, 7/99) 4. Law on Banks and Savings Banks (Official Gazette of the Republic of Slovenia, Nos. 1/91, 38/92, 46/93, 45/94, 7/99) – superceded by the 1999 Banking Act except for Article 79 5. Act on Companies (Official Gazette of the Republic of Slovenia, Nos. 42/06) 6. Act on Financial Conglomerates (Official Gazette of the Republic of Slovenia, Nos. __/06) 7. Regulation on the Harmonization of the Amounts of the minimum Initial Capital of a Bank and a Savings Bank (Official Gazette of the Republic of Slovenia, No. 2/04) 8. Regulation on Capital Adequacy of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, Nos. 24/02, 85/02, 22/03, 36/04 and 68/04) 9. Regulation on Large Exposures of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, Nos. 24/02, 22/03, 65/03, 44/04, and 135/06) 10. Regulation on Disclosures of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, No. 135/06) 11. Regulation on the Classification of On-Balance Sheet Assets and Off-Balance Sheet Items of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, Nos. 24/02 and 85/02) 12. Regulation on the Diligence of Members of Management and Supervisory Boards of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, No. 28/07) 13. Regulation on Holders of Qualifying Holdings of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, No. 28/07) 14. Regulation on Reporting of Individual Facts and Circumstance of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, No. 28/07) 15. Regulation on Reporting of the Books of Account and Annual Reports of Banks and Savings Banks (Official Gazette of the Republic of Slovenia, No. 28/07) 36